Interactive Link

The Interactive Link is a suite of hardware and software products designed for application within areas where network separation is implemented for security reasons. Manufactured and marketed by Tenix Datagate, the Interactive Link hardware products have been evaluated to the highest level under international security criteria with a strong focus on maintaining the confidentiality of the secure network. The technology underlying the products is drawn from Starlight Technology, developed by the Australian Defence Science and Technology Group.

History

The Interactive Link product suite is a commercialized version of Starlight Technology. This technology, developed as a way to transfer data from a lower classification (Low Side) network to a highly classified (High Side) computer without compromising sensitive information, was formed inside the Australian DSTO as a research project. [1] The technology also allowed users to view and interact with a Low Side network from a High Side computer. The Starlight Technology included a data diode, accompanying server software and desktop-based equipment. Seen as having commercial merit, and after a prototype was developed, the technology was licensed to Vision Abell (later acquired by Tenix) in 1996 for development and supply to the Australian government under the brand "Interactive Link". [2] [3] The objective of these products was to increase productivity and to reduce the desk space required by users working on more than one network, while not compromising the existing security.

In 2002, DSTO signed a long-term agreement for the newly formed Tenix Datagate division of Tenix to market, manufacture and further develop the Interactive Link product worldwide. [4] Tenix Datagate subsequently set up offices in the UK and US in addition to their Australian presence. Tenix Defence was acquired by BAE Systems Australia in 2008, including ownership of the Interactive Link products.

Due to its high level of certification, the Interactive Link product suite has been deployed to numerous western nations.

Products

The Interactive Link Product Suite includes the following:

The Interactive Link Data Diode Device (IL-DD) – a trusted platform providing a strictly unidirectional data path between two networks. The device allows the transmission of information from Low Side to High Side networks but not vice versa. Data is transmitted by means of optical fibre technology that reduces the risk of data interception by TEMPEST attack.

The Interactive Link Keyboard Switch (IL-KBS) – a desktop device that allows users of a High Side computer to access a Low Side thin-client session. Used in conjunction with the IL-DD, no High Side data is sent down to the Low Side network; users view and interact with the Low Side inside a window on their High Side computer.

Interactive Link Multiple Computer Switch (IL-MCS) – a highly secure KVM switch for switching between two desktop computers of differing security classification levels from a single keyboard, mouse and monitor. Its level of certification (ITSEC E6) means it is the most thoroughly evaluated KVM presently available.

Interactive Link Data Pump Applications (IL-DPAs) – software applications that send file, email and clipboard data over the IL-DD. These may be used independently of the desktop devices. They consist of the File Transfer Application, Email Transfer Application, Clipboard and File Transfer Application and Data Forwarding Application.

Evaluation and certification

High levels of evaluation under relevant security criteria are distinctive features of the Interactive Link hardware. They have been certified under the following criteria:

ITSEC – The IL-MCS, [5] IL-DD [6] and IL-KBS [7] have all been evaluated to the level of E6 under ITSEC, the highest level possible under these criteria. This evaluation was performed under the Australian Information Security Evaluation Programme, [8] and is mutually recognised in a large number of nations.

Common Criteria – The IL-DD has been certified to EAL7 under the Common Criteria in the United States, the highest level possible. [9] The IL-KBS has been certified to EAL5.

The IL-KBS and IL-MCS units are used primarily where users need to access two separate networks from a single desktop while maintaining strict security separation between the two domains. Examples of this would include accessing Classified and Unclassified networks in a military setting.

The IL-DD and IL-DPAs are versatile in their applicability; primarily they are used where data in various forms needs to be sent in a strictly unidirectional manner. This could include the automated sending of internet data to an otherwise isolated network, a unidirectional email gateway, and one-way dispatch of log files for secure storage. Another potential setting is where the IL-DD is "turned around" to push data from a secure source to an insecure destination.
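The one-way transfer pattern that the IL-DD and the Data Pump Applications rely on, as an added example written for this article (it is not Tenix's own IL-DPA protocol): because no acknowledgement or retransmission request can cross a data diode, the sender repeats every frame and the receiver detects gaps by sequence number and verifies integrity with a digest. The frame layout, chunk size and drop pattern are constructed assumptions.

```python
import hashlib
import struct

# Constructed frame layout: sequence number, total frame count, payload length.
CHUNK = 64
HDR = struct.Struct("!IIH")

def frame_file(data: bytes, repeats: int = 3):
    """Split data into self-describing frames; the last frame carries a SHA-256 of the file."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    total = len(chunks) + 1
    frames = [HDR.pack(seq, total, len(c)) + c for seq, c in enumerate(chunks)]
    digest = hashlib.sha256(data).digest()
    frames.append(HDR.pack(total - 1, total, len(digest)) + digest)
    # With no return path, redundancy replaces retransmission: every frame is
    # sent `repeats` times and survives as long as one copy gets through.
    return [f for f in frames for _ in range(repeats)]

def lossy_channel(frames, dropped):
    """Simulate the one-way medium: frames whose index satisfies `dropped` are lost."""
    return [f for i, f in enumerate(frames) if not dropped(i)]

def reassemble(received):
    """Return (data, ok). ok is False when a sequence number is missing or the digest fails."""
    got = {}
    total = None
    for f in received:
        seq, total, n = HDR.unpack_from(f)
        got.setdefault(seq, f[HDR.size:HDR.size + n])  # duplicate copies are ignored
    if total is None or any(s not in got for s in range(total)):
        return b"", False  # the receiver can only report the gap, never request a resend
    data = b"".join(got[s] for s in range(total - 1))
    return data, hashlib.sha256(data).digest() == got[total - 1]
```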

References

  1. Mark Anderson et al., "Starlight: Interactive Link", Proceedings of the 12th Annual Computer Security Applications Conference, December 1996. Archived from the original on 2011-06-29. Retrieved 2010-11-14.
  2. Australian Defence Minister's Award for Achievement in DSTO speech, the Hon. John Moore MP, 10 December 1998.
  3. "Securing Systems With Starlight", Transforming Government: Achievements in E-government, Australian Department of Finance and Administration, 2003.
  4. "DSTO and Tenix Industries Strengthen Partnership to Crack Global Security Market", Australian Defence Science and Technology Organisation, 2002. Archived from the original on 2007-09-05. Retrieved 2007-04-04.
  5. IL-MCS entry in the Defence Signals Directorate Evaluated Products List.
  6. IL-DD entry in the Defence Signals Directorate Evaluated Products List.
  7. IL-KBS entry in the Defence Signals Directorate Evaluated Products List.
  8. Defence Signals Directorate Information Security Evaluation.
  9. IL-DD entry in the US Common Criteria Validated Products List.